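RuoYi on k8s: Deployment Manual

1. Deploy Redis

RuoYi uses Redis as a cache, so a single-node installation is enough and the data does not need to be persisted.

# Install with Helm
# Path to the cluster configuration file
export KUBECONFIG=/etc/rancher/k3s/k3s.yaml
# Add the chart repository
helm repo add bitnami https://charts.bitnami.com/bitnami
# Install Redis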
helm install redis \
             --set architecture=standalone \
             --set-string auth.password=123456 \
             --set master.persistence.enabled=false \
             --set master.persistence.medium=Memory \
             --set master.persistence.sizeLimit=1Gi \
             bitnami/redis \
             --kubeconfig=/etc/rancher/k3s/k3s.yaml
NAME: redis
LAST DEPLOYED: Mon Oct 31 14:57:52 2022
NAMESPACE: default
STATUS: deployed
REVISION: 1
TEST SUITE: None
NOTES:
CHART NAME: redis
CHART VERSION: 17.3.7
APP VERSION: 7.0.5

** Please be patient while the chart is being deployed **

Redis® can be accessed via port 6379 on the following DNS name from within your cluster:

    redis-master.default.svc.cluster.local



To get your password run:

    export REDIS_PASSWORD=$(kubectl get secret --namespace default redis -o jsonpath="{.data.redis-password}" | base64 -d)

To connect to your Redis® server:

1. Run a Redis® pod that you can use as a client:

   kubectl run --namespace default redis-client --restart='Never'  --env REDIS_PASSWORD=$REDIS_PASSWORD  --image docker.io/bitnami/redis:7.0.5-debian-11-r7 --command -- sleep infinity

   Use the following command to attach to the pod:

   kubectl exec --tty -i redis-client \
   --namespace default -- bash

2. Connect using the Redis® CLI:
   REDISCLI_AUTH="$REDIS_PASSWORD" redis-cli -h redis-master

To connect to your database from outside the cluster execute the following commands:

    kubectl port-forward --namespace default svc/redis-master 6379:6379 &
    REDISCLI_AUTH="$REDIS_PASSWORD" redis-cli -h 127.0.0.1 -p 6379

2. Deploy MySQL

  • Create a database named ry-vue
  • Import the initialization data
  • Generate a ConfigMap from the SQL files
kubectl create configmap ruoyi-init-sql --from-file=/home/app/sql
  • Install MySQL
vim ruoyi-mysql.yaml
auth:
  rootPassword: "123456"
  database: ry-vue

initdbScriptsConfigMap: ruoyi-init-sql

primary:
  persistence:
    size: 2Gi
    enabled: true

secondary:
  replicaCount: 2
  persistence:
    size: 2Gi
    enabled: true

architecture: replication
helm install db -f ruoyi-mysql.yaml \
                bitnami/mysql \
                --kubeconfig=/etc/rancher/k3s/k3s.yaml
NAME: db
LAST DEPLOYED: Mon Oct 31 15:02:23 2022
NAMESPACE: default
STATUS: deployed
REVISION: 1
TEST SUITE: None
NOTES:
CHART NAME: mysql
CHART VERSION: 9.4.1
APP VERSION: 8.0.31

** Please be patient while the chart is being deployed **

Tip:

  Watch the deployment status using the command: kubectl get pods -w --namespace default

Services:

  echo Primary: db-mysql-primary.default.svc.cluster.local:3306
  echo Secondary: db-mysql-secondary.default.svc.cluster.local:3306

Execute the following to get the administrator credentials:

  echo Username: root
  MYSQL_ROOT_PASSWORD=$(kubectl get secret --namespace default db-mysql -o jsonpath="{.data.mysql-root-password}" | base64 -d)

To connect to your database:

  1. Run a pod that you can use as a client:

      kubectl run db-mysql-client --rm --tty -i --restart='Never' --image  docker.io/bitnami/mysql:8.0.31-debian-11-r0 --namespace default --env MYSQL_ROOT_PASSWORD=$MYSQL_ROOT_PASSWORD --command -- bash

  2. To connect to primary service (read/write):

      mysql -h db-mysql-primary.default.svc.cluster.local -uroot -p"$MYSQL_ROOT_PASSWORD"

  3. To connect to secondary service (read-only):

      mysql -h db-mysql-secondary.default.svc.cluster.local -uroot -p"$MYSQL_ROOT_PASSWORD"

Connection test

kubectl port-forward svc/redis-master --address=192.168.56.109 6379:6379
kubectl port-forward svc/db-mysql-primary --address=192.168.56.109 3306:3306

3. Build the Backend Image

Create a dockerfile in the project root directory.

# Build stage
FROM maven AS build
WORKDIR /build/app
# Mounting the local Maven directory into the container's Maven directory avoids downloading the dependency JARs again
#VOLUME ~/.m2 /root/.m2
COPY . .
RUN mvn clean package

# Package stage
FROM openjdk:8u342-jre
WORKDIR /app/ruoyi
COPY --from=build /build/app/ruoyi-admin/target/ruoyi-admin.jar .
EXPOSE 8080
ENTRYPOINT ["java","-jar","ruoyi-admin.jar"]

# Build the image
docker build -t ruoyi-admin:v3.8 .

4. Build the Frontend Image

Create a dockerfile in the ruoyi-ui directory.

FROM node:14-alpine AS build
WORKDIR /build/ruoyi-ui
COPY . .
# Install the dependencies and build for the production environment
RUN npm install --registry=https://registry.npmmirror.com && npm run build:prod

FROM nginx:1.22
WORKDIR /app/ruoyi-ui
COPY --from=build /build/ruoyi-ui/dist .
EXPOSE 80

docker build -t ruoyi-ui:v3.8 .    

5. Deploy the Backend (ruoyi-admin)

DNS addresses of Redis and MySQL

#Redis can be accessed via port 6379 on the following DNS name from within your cluster:
redis-master.default.svc.cluster.local

#MySQL DNS NAME
Primary: 
	db-mysql-primary.default.svc.cluster.local:3306
Secondary: 
	db-mysql-secondary.default.svc.cluster.local:3306

Generate a ConfigMap from the configuration file

vim application-k8s.yaml

# Data source configuration
spring:
  # Redis configuration
  redis:
    # Host
    host: redis-master
    # Port, 6379 by default
    port: 6379
    # Database index
    database: 0
    # Password
    password: 123456
    # Connection timeout
    timeout: 10s
    lettuce:
      pool:
        # Minimum number of idle connections in the pool
        min-idle: 0
        # Maximum number of idle connections in the pool
        max-idle: 8
        # Maximum number of connections in the pool
        max-active: 8
        # Maximum blocking wait time of the pool (a negative value means no limit)
        max-wait: -1ms
  datasource:
    type: com.alibaba.druid.pool.DruidDataSource
    driverClassName: com.mysql.cj.jdbc.Driver
    druid:
      # Primary data source
      master:
        url: jdbc:mysql://db-mysql-primary:3306/ry-vue?useUnicode=true&characterEncoding=utf8&zeroDateTimeBehavior=convertToNull&useSSL=true&serverTimezone=GMT%2B8
        username: root
        password: 123456
      # Replica data source
      slave:
        # Replica data source switch (off by default)
        enabled: true
        url: jdbc:mysql://db-mysql-secondary:3306/ry-vue?useUnicode=true&characterEncoding=utf8&zeroDateTimeBehavior=convertToNull&useSSL=true&serverTimezone=GMT%2B8
        username: root
        password: 123456
      # Initial number of connections
      initialSize: 5
      # Minimum pool size
      minIdle: 10
      # Maximum pool size
      maxActive: 20
      # Timeout when waiting to obtain a connection
      maxWait: 60000
      # Interval between checks for idle connections that should be closed, in milliseconds
      timeBetweenEvictionRunsMillis: 60000
      # Minimum time a connection lives in the pool, in milliseconds
      minEvictableIdleTimeMillis: 300000
      # Maximum time a connection lives in the pool, in milliseconds
      maxEvictableIdleTimeMillis: 900000
      # Query used to check whether a connection is valid
      validationQuery: SELECT 1 FROM DUAL
      testWhileIdle: true
      testOnBorrow: false
      testOnReturn: false
      webStatFilter:
        enabled: true
      statViewServlet:
        enabled: true
        # Allow-list; if left empty, all access is allowed
        allow:
        url-pattern: /druid/*
        # Console admin username and password
        login-username: ruoyi
        login-password: 123456
      filter:
        stat:
          enabled: true
          # Log slow SQL
          log-slow-sql: true
          slow-sql-millis: 1000
          merge-sql: true
        wall:
          config:
            multi-statement-allow: true

Create the ConfigMap

kubectl create configmap ruoyi-admin-config --from-file=/home/app/application-k8s.yaml
kubectl describe configmap/ruoyi-admin-config
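
A ConfigMap is stored and displayed unencrypted (the kubectl describe above prints the whole file), and application-k8s.yaml carries the Redis, MySQL and Druid console passwords. The check below is an added example, not part of the original post: it flags literal password values in such a file before the ConfigMap is created. The sample file and the variable names MYSQL_ROOT_PASSWORD and DRUID_PASSWORD in it are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): flag literal credentials in a
# Spring YAML file before publishing it with `kubectl create configmap`.

# find_plaintext_secrets FILE
# Prints "LINE: key" for every key ending in "password" that holds a literal
# value. A bare ${ENV_VAR} placeholder is accepted. Returns 1 if any is found.
find_plaintext_secrets() {
    awk '
        BEGIN { found = 0 }
        /^[ \t]*#/ { next }                        # skip comment lines
        {
            line = $0
            sub(/[ \t]+#.*$/, "", line)            # drop a trailing comment
            pos = index(line, ":")
            if (pos == 0) next
            key = substr(line, 1, pos - 1)
            gsub(/[ \t]/, "", key)
            if (tolower(key) !~ /password$/) next
            value = substr(line, pos + 1)
            gsub(/^[ \t]+|[ \t]+$|"/, "", value)   # trim blanks and quotes
            if (value == "") next
            # ${VAR} is accepted; ${VAR:default} still embeds a literal.
            if (substr(value, 1, 2) == "${" &&
                substr(value, length(value)) == "}" &&
                index(value, ":") == 0) next
            printf "%d: %s\n", NR, key
            found = 1
        }
        END { exit found }
    ' "$1"
}

# Constructed sample modeled on application-k8s.yaml; the variable names
# MYSQL_ROOT_PASSWORD and DRUID_PASSWORD are assumptions for illustration.
write_sample_config() {
    cat > "$1" <<'EOF'
spring:
  redis:
    host: redis-master
    password: 123456
  datasource:
    druid:
      master:
        username: root
        password: ${MYSQL_ROOT_PASSWORD}
      statViewServlet:
        login-password: "${DRUID_PASSWORD:123456}"
EOF
}
```

Run find_plaintext_secrets /home/app/application-k8s.yaml before the kubectl create configmap step. Spring Boot resolves ${NAME} placeholders from environment variables, so flagged values can be replaced with placeholders and supplied to the pod from the redis and db-mysql Secrets that the Helm charts created.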

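6. Deploy the Backend Application

Spring Boot gives the highest priority to configuration files in the **config** subdirectory under the project root path. The image was built with **/app/ruoyi** as the project root directory, so the configuration file from the ConfigMap can be mounted into the container at **/app/ruoyi/config**.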

apiVersion: apps/v1
kind: Deployment
metadata:
  name: ruoyi-admin
  labels:
    app: ruoyi-admin
spec:
  replicas: 1
  selector:
    matchLabels:
      app: ruoyi-admin
  template:
    metadata:
      labels:
        app: ruoyi-admin
    spec:
      containers:
        - name: ruoyi-admin
          image: 10.150.36.72:5000/ruoyi-admin:v3.8
          ports:
            - containerPort: 8080
          volumeMounts:
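            # On startup, Spring Boot looks for configuration files in the config directory next to the JAR
            # The JAR location is the WORKDIR defined in the dockerfile, i.e. /app/ruoyi
            - mountPath: /app/ruoyi/config
              name: config
          # Use application-k8s.yaml as the configuration file
          # The resulting start command is: java -jar ruoyi-admin.jar --spring.profiles.active=k8s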
          args: ["--spring.profiles.active=k8s"]
      volumes:
        - name: config
          configMap:
            name: ruoyi-admin-config
---
apiVersion: v1
kind: Service
metadata:
  name: ruoyi-admin
spec:
  type: ClusterIP
  selector:
    app: ruoyi-admin
  ports:
    - port: 8080
      targetPort: 8080

View the Service

Test it: curl 10.43.61.103:8080

7. Deploy the Frontend (ruoyi-ui)

nginx configuration file

vim nginx.conf

server {
    listen       80;
    server_name  localhost;
    charset utf-8;

    location / {
        # WORKDIR directory from the dockerfile
        root   /app/ruoyi-ui;
        try_files $uri $uri/ /index.html;
        index  index.html index.htm;
    }

    location /prod-api/ {
        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header REMOTE-HOST $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        # DNS name of the backend Service
        proxy_pass http://ruoyi-admin:8080/;
    }

    error_page   500 502 503 504  /50x.html;
    location = /50x.html {
        root   html;
    }
}

Create the ConfigMap

kubectl create configmap ruoyi-ui-config --from-file=/home/app/conf/nginx.conf 
kubectl describe configmap/ruoyi-ui-config

Kubernetes manifests

apiVersion: apps/v1
kind: Deployment
metadata:
  name: ruoyi-ui
  labels:
    app: ruoyi-ui
spec:
  replicas: 1
  selector:
    matchLabels:
      app: ruoyi-ui
  template:
    metadata:
      labels:
        app: ruoyi-ui
    spec:
      containers:
        - name: ruoyi-ui
          image: 10.150.36.72:5000/ruoyi-ui:v3.8
          ports:
            - containerPort: 80
          volumeMounts:
            - mountPath: /etc/nginx/conf.d
              name: config
      volumes:
        - name: config
          configMap:
            name: ruoyi-ui-config
            items:
              - key: nginx.conf
                path: default.conf
---
apiVersion: v1
kind: Service
metadata:
  name: ruoyi-ui
spec:
  type: NodePort
  selector:
    app: ruoyi-ui
  ports:
    - port: 80
      targetPort: 80
      nodePort: 30080

Open in a browser: http://192.168.56.109:30080/

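8. Pod Startup Order

After the application is deployed, if ruoyi-admin starts before MySQL and Redis when the services are restarted, it reports errors and fails to start.

Init Containers and Startup Order

We can use init containers to control the startup order.

  • Init containers in a Pod start before the application containers.
  • The application containers do not start until the init containers have run to completion.
  • Multiple init containers run in order; each one must complete before the next one starts.

Frontend dependency

The frontend application **ruoyi-ui** must wait until the backend service **ruoyi-admin** is ready before it starts.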

apiVersion: apps/v1
kind: Deployment
metadata:
  name: ruoyi-ui
  labels:
    app: ruoyi-ui
spec:
  replicas: 1
  selector:
    matchLabels:
      app: ruoyi-ui
  template:
    metadata:
      labels:
        app: ruoyi-ui
    spec:
      initContainers:
        - name: wait-for-ruoyi-admin
          image: nginx:1.22
          command:
            - sh
            - -c
            - |
              until curl -m 3 ruoyi-admin:8080 
              do
                echo waiting for ruoyi-admin;
                sleep 5;
              done
      containers:
        - name: ruoyi-ui
          image: 10.150.36.72:5000/ruoyi-ui:v3.8
          ports:
            - containerPort: 80
          volumeMounts:
            - mountPath: /etc/nginx/conf.d
              name: config
      volumes:
        - name: config
          configMap:
            name: ruoyi-ui-config
            items:
              - key: nginx.conf
                path: default.conf
---
apiVersion: v1
kind: Service
metadata:
  name: ruoyi-ui
spec:
  type: NodePort
  selector:
    app: ruoyi-ui
  ports:
    - port: 80
      targetPort: 80
      nodePort: 30080

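The **until do** loop does wait for the dependent service to become ready, but it is an infinite loop. A better approach is to set a maximum number of retries; once that number is exceeded, the init container exits with a failure status and Pod startup is aborted.

Backend dependency

Before the backend application **ruoyi-admin** starts, MySQL and Redis must be confirmed ready.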

apiVersion: apps/v1
kind: Deployment
metadata:
  name: ruoyi-admin
  labels:
    app: ruoyi-admin
spec:
  replicas: 1
  selector:
    matchLabels:
      app: ruoyi-admin
  template:
    metadata:
      labels:
        app: ruoyi-admin
    spec:
      initContainers:
        - name: wait-for-mysql
          image: bitnami/mysql:8.0.31-debian-11-r0
          env:
            - name: MYSQL_ROOT_PASSWORD
              value: "123456"
          command:
            - sh
            - -c
            - |
              set -e
              maxTries=10
              while [ "$$maxTries" -gt 0 ] \
                    && ! mysqladmin ping --connect-timeout=3 -s \
                                    -hdb-mysql-primary -uroot -p$$MYSQL_ROOT_PASSWORD
              do 
                  echo 'Waiting for MySQL to be available'
                  sleep 5
                  # POSIX arithmetic instead of the bash-only "let", so it also runs under a plain sh
                  maxTries=$$((maxTries - 1))
              done
              if [ "$$maxTries" -le 0 ]; then
                  echo >&2 'error: unable to contact MySQL after 10 tries'
                  exit 1
              fi
        - name: wait-for-redis
          image: bitnami/redis:7.0.5-debian-11-r7
          env:
            - name: REDIS_PASSWORD
              value: "123456"
          command:
            - sh
            - -c
            - |
              set -e
              maxTries=10
              while [ "$$maxTries" -gt 0 ] \
                    && ! timeout 3 redis-cli -h redis-master -a $$REDIS_PASSWORD ping
              do 
                  echo 'Waiting for Redis to be available'
                  sleep 5
                  # POSIX arithmetic instead of the bash-only "let", so it also runs under a plain sh
                  maxTries=$$((maxTries - 1))
              done
              if [ "$$maxTries" -le 0 ]; then
                  echo >&2 'error: unable to contact Redis after 10 tries'
                  exit 1
              fi
      containers:
        - name: ruoyi-admin
          image: 10.150.36.72:5000/ruoyi-admin:v3.8
          ports:
            - containerPort: 8080
          volumeMounts:
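            # On startup, Spring Boot looks for configuration files in the config directory next to the JAR
            # The JAR location is the WORKDIR defined in the dockerfile, i.e. /app/ruoyi
            - mountPath: /app/ruoyi/config
              name: config
          # Use application-k8s.yaml as the configuration file
          # The resulting start command is: java -jar ruoyi-admin.jar --spring.profiles.active=k8s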
          args: ["--spring.profiles.active=k8s"]
      volumes:
        - name: config
          configMap:
            name: ruoyi-admin-config
---
apiVersion: v1
kind: Service
metadata:
  name: ruoyi-admin
spec:
  type: ClusterIP
  selector:
    app: ruoyi-admin
  ports:
    - port: 8080
      targetPort: 8080

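9. Ingress

If an application is published as a NodePort Service, it can be reached through that port on any host in the cluster.

When the cluster runs in a public or private cloud, access from the internet requires a public IP address or a domain name. Public IPs are a relatively scarce resource, so not every host can be given one, and as more services are exposed the growing number of ports becomes hard to manage.

In this situation we can use Ingress.

Ingress provides:

    • URL routing rules
    • Load balancing, traffic splitting and rate limiting
    • HTTPS configuration
    • Name-based virtual hosting

Before creating Ingress resources, an Ingress controller such as ingress-nginx must be deployed.

Usage and configuration differ from one controller to another.

K3s ships with a Traefik-based Ingress controller, so we can create Ingress resources directly without installing another Ingress controller.

Note: Ingress can only expose HTTP and HTTPS services to the internet.

To expose other kinds of services, use a Service of type NodePort or LoadBalancer.

Create the Ingress

Ingress configuration example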

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: ruoyi-ingress
spec:
  rules:
    - http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: ruoyi-ui
                port:
                  number: 80

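Note: the path here must match the location used in ruoyi-ui's nginx.conf, otherwise an error is reported.

kubectl get ingress
kubectl describe ingress

All services are accessed through port 80 of the public IP or domain name.

Path types

Every path in an Ingress must have a path type (Path Type). Three path types are currently supported:

**Exact**: matches the URL path exactly. Case-sensitive.

**Prefix**: matches on a URL path prefix. Case-sensitive, and matching is done element by element on the path.

(Note: /foo/bar matches /foo/bar/baz, but does not match /foo/barbaz)

**ImplementationSpecific**: for this path type, the matching method depends on the handling logic defined by the IngressClass.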
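
The Exact and Prefix rules above, modelled as a small shell function. This is an added example, not part of the original post and not the code any Ingress controller runs; the function name ingress_path_match is hypothetical. It shows why /foo/bar matches /foo/bar/baz but not /foo/barbaz.

```shell
#!/bin/sh
# Added example: a model of Ingress pathType matching for Exact and Prefix.

# ingress_path_match TYPE RULE_PATH REQUEST_PATH
# Returns 0 on a match, 1 on no match, 2 for a pathType this model cannot decide.
ingress_path_match() {
    case "$1" in
        Exact)
            # Byte-for-byte comparison: case-sensitive, trailing "/" counts.
            [ "$2" = "$3" ] ;;
        Prefix)
            # Element-wise comparison: drop one trailing "/" from each side,
            # then the request must equal the rule path or continue with a
            # "/" directly after it. A plain string prefix is not enough.
            rule=${2%/}
            request=${3%/}
            case "$request/" in
                "$rule"/*) return 0 ;;
                *) return 1 ;;
            esac ;;
        *)
            # ImplementationSpecific depends on the IngressClass.
            echo "pathType $1 is not modelled here" >&2
            return 2 ;;
    esac
}
```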

Hostname matching

Hostname matching example

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: ruoyi-ingress
spec:
  rules:
    # Similar to an nginx virtual host configuration
    - host: "front.ruoyi.com"
      http:
        paths:
          - pathType: Prefix
            path: "/"
            backend:
              service:
                name: ruoyi-ui
                port:
                  number: 80
    - host: "backend.ruoyi.com"
      http:
        paths:
          - pathType: Prefix
            path: "/"
            backend:
              service:
                name: ruoyi-admin
                port:
                  number: 8080

Add two records to **/etc/hosts**:

Open http://front.ruoyi.com/ and http://backend.ruoyi.com/ to access the frontend and backend respectively.

Reference:

https://kubernetes.io/zh-cn/docs/concepts/services-networking/ingress/

posted @ 2025-05-01 17:35 丁志岩